Re: Last call comment on draft-weiler-dnssec-dlv-iana-00

[Michael Richardson <mcr at sandelman.ca>]

Olaf M. Kolkman wrote:
> Although IANA is in a unique position that it has an established 
> relation with the TLD operators and the number registries for the 
> domains under in-addr.arpa, it is not the only party that could offer 

  How much of the IAB's concern is that it's under .arpa, and how much
is the concern that IANA will be unable to (afford) do this work?

  If having the DLV under olaf.NLnetLabs.nl (or some other convenient
prefix) solves enough of the concern, could we address the IANA requirements 
separately?

> The establishment of the DLV registry bootstraps on relations that IANA 
> maintains with the TLDs on the basis of the maintenance of a space that 
> is specifically outside the scope of the MOU between the IETF and IANA. 

This suggest that actually, the IETF is not the only organization that could 
ask IANA to do this.  IANA could do it on their own, for instance.

> We feel that by stepping over this boundary we would also get involved 
> in some of the policy issues regarding the "forward" name space.  That 
> there are policy issues with getting the root signed is duly known. So 
> if the IETF were to establish this DLV registry in .arpa, than that 
> might be seen as an attempt to outrun the policy making process. We 
> therefore feel that the IETF should be extremely careful in making a 
> request of this sort.

I think... there is too much thinking occurring!
Just do it.

> The IAB, obviously, favors expedient deployment of DNSSEC in the DNS root.

It still hasn't happened.  If it were going to happen quickly, it would 
already be done. I don't see it happening in a reasonable amount of time.

> However, the IAB does not support the establishment of a domain under 
> .arpa combined with a request from the IETF to IANA to establish such a 
> service as that would implicitly be based on the MOU between RFC3172. 

> However,
>  - if there is IETF wide consensus on a proposal to establish a .arpa zone;
>  - if such proposal would deal with the 'competition' issues mentioned 
> above;
>  - if such proposal should contain much more detail on how to establish 
> and maintain authentic DLV entries;
>  - and if said proposal describes the other requirements for such 
> registry such as key management;
> then given such IETF consensus the IAB will explore how such registry 
> can be established without violating the MOU.

Thanks for leaving the conversation open.
It sounds like the IAB would be happy to create such a zone if it wasn't
IANA doing it, i.e. other than the competition issue, the IAB is not opposed 
to dnssec.arpa.

Contrary to what I write above, that the IAB is actually more concerned about 
IANA than about .arpa pollution?

The competition issue is, I think, moot. Anyone can start a DLV.

IANA already has a monopoly on various numbers/name spaces. It does no 
politics about which zones can be created/deleted/etc. It just maintains 
relationships. IANA has no monopoly on having relationships with all the TLDs 
and reverse zone owners, but IANA already has those relationships. We just 
want to leverage them.

It seems that if IANA were to create dlv.iana.org, that there could be no 
concern from the IAB about giving IANA a privileged position in .arpa. Is 
this correct?








_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf